Spectre and Meltdown security vulnerabilities

Ben Stoneham
Ben Stoneham

You may be aware that overnight news broke of a serious design flaw affecting virtually every Computer Processor (CPU) made in the past 10 years by all of the major manufacturers including Intel, AMD and ARM that requires an immediate patch to be applied to our systems in Amazon Web Services (AWS) in order to ensure that are not exposed to what is a difficult-to-execute, but nevertheless potentially serious security risk that it poses.

You can read more about this in The Register, Software Engineering Institute and the BBC.

We started work to address this during the early hours of this morning and during the course of today we will be working with Amazon to complete the work required in order to apply security updates to our underlying infrastructure.

There has been some speculation that this patch will, because of what it needs to do, adversely affect CPU performance with some in the media quoting figures of between 6% and 30% depending on work load profile. Clearly those are material numbers if true and in truth the worldwide tech industry won't know whether that is the case for a number of days.

However, I can offer the reassurance that (irrespective whether this patch does impact individual CPU performance or not) there will be no consequential impact on our service because one of the principle benefits of our multi-tenant architecture design is that our platform can scale-up compute-power on demand so any drop in individual CPU performance will be fully mitigated by this capability.

A final point to note is that this flaw is not restricted to any one Operating system or Server based environment but applies to almost every CPU across any device or platform over the past 10 years - Desktops running any version of Windows, Macintosh OS, mobile phones running IOS or Android or Servers running Unix. When you stop to consider the implications of that they are quite significant.

As a business born in the cloud Autologyx® has been designed so that this kind of event can be managed efficiently with minimum disruption in order to guarantee service and security for our customers. For an enterprise business looking on an often sprawling and eclectic mix of desktops, mobile and on-premis solutions this morning the picture must be quite different. IT departments all over the world will be studying the issue intently, wondering how on earth they are going to efficiently deal with the problem.

Interesting times!